Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File ssl-ccs-injection

Script types: portrule
Categories: vuln, safe
Download: http://nmap.org/svn/scripts/ssl-ccs-injection.nse

User Summary

Detects whether a server is vulnerable to the SSL/TLS "CCS Injection" vulnerability (CVE-2014-0224), first discovered by Masashi Kikuchi. The script is based on the ccsinjection.c code authored by Ramon de C Valle (https://gist.github.com/rcvalle/71f4b027d61a78c42607)

In order to exploit the vulnerablity, a MITM attacker would effectively do the following:

o Wait for a new TLS connection, followed by the ClientHello ServerHello handshake messages.

o Issue a CCS packet in both the directions, which causes the OpenSSL code to use a zero length pre master secret key. The packet is sent to both ends of the connection. Session Keys are derived using a zero length pre master secret key, and future session keys also share this weakness.

o Renegotiate the handshake parameters.

o The attacker is now able to decrypt or even modify the packets in transit.

The script works by sending a 'ChangeCipherSpec' message out of order and checking whether the server returns an 'UNEXPECTED_MESSAGE' alert record or not. Since a non-patched server would simply accept this message, the CCS packet is sent twice, in order to force an alert from the server. If the alert type is different than 'UNEXPECTED_MESSAGE', we can conclude the server is vulnerable.

Script Arguments

vulns.showall

See the documentation for the vulns library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 443 --script ssl-ccs-injection <target>

Script Output

PORT    STATE SERVICE
443/tcp open  https
| ssl-ccs-injection:
|   VULNERABLE:
|   SSL/TLS MITM vulnerability (CCS Injection)
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
|       1.0.1h does not properly restrict processing of ChangeCipherSpec
|       messages, which allows man-in-the-middle attackers to trigger use
|       of a zero-length master key in certain OpenSSL-to-OpenSSL
|       communications, and consequently hijack sessions or obtain
|       sensitive information, via a crafted TLS handshake, aka the
|       "CCS Injection" vulnerability.
|
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|       http://www.cvedetails.com/cve/2014-0224
|_      http://www.openssl.org/news/secadv_20140605.txt

Requires


Author: Claudiu Perta <claudiu.perta@gmail.com>

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault